Abp配置文件设置IdentityServer客户端
在没有购买商业版、也没有自行实现 IdentityServer 配置管理页面的情况下,如果仍需要配置客户端,可以通过 appsettings.json 临时添加配置,然后执行 .DbMigrator 迁移数据。
这时原版代码需要以下改动:
修改.Domain
项目中IdentityServerDataSeedContributor
类的CreateClientsAsync
方法。
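/// <summary>
/// Seeds one IdentityServer client for every child section found under
/// <c>IdentityServer:Clients</c> in the application configuration.
/// </summary>
/// <remarks>
/// Keys read per client section: <c>ClientId</c>, <c>RootUrl</c> (both mandatory),
/// <c>ClientSecret</c>, <c>GrantTypes</c> (whitespace separated, defaults to
/// <c>client_credentials</c>), <c>RedirectUri</c>, <c>PostLogoutRedirectUri</c>,
/// <c>FrontChannelLogoutUri</c>, <c>RequireClientSecret</c> and <c>RequirePkce</c>.
/// No fallback secret is invented: a client that omits <c>ClientSecret</c> is seeded
/// without one, and the seed fails if such a client also sets <c>RequireClientSecret</c>.
/// </remarks>
/// <exception cref="System.InvalidOperationException">
/// A client section lacks <c>ClientId</c> or <c>RootUrl</c>, or requires a client secret
/// without configuring one.
/// </exception>
private async Task CreateClientsAsync()
{
    var commonScopes = new[]
    {
        "email",
        "openid",
        "profile",
        "role",
        "phone",
        "address"
    };

    var configurationSection = _configuration.GetSection("IdentityServer:Clients");
    foreach (var section in configurationSection.GetChildren())
    {
        var clientId = section["ClientId"];
        if (string.IsNullOrWhiteSpace(clientId))
        {
            throw new System.InvalidOperationException(
                $"IdentityServer:Clients:{section.Key}:ClientId is missing.");
        }

        // RootUrl feeds the default redirect URIs and the CORS origin, so a missing value
        // is reported here with the offending section name rather than as a null error.
        var configuredRootUrl = section["RootUrl"];
        if (string.IsNullOrWhiteSpace(configuredRootUrl))
        {
            throw new System.InvalidOperationException(
                $"IdentityServer:Clients:{section.Key}:RootUrl is missing.");
        }

        var rootUrl = configuredRootUrl.EnsureEndsWith('/');

        // NOTE(review): RequireClientSecret defaults to False, so a client that configures
        // a ClientSecret is presumably not asked for it at the token endpoint unless the
        // section sets RequireClientSecret to true. Confirm against CreateClientAsync and
        // set the flag explicitly for confidential clients.
        var requireClientSecret = (section["RequireClientSecret"] ?? "False").To<bool>();
        var requirePkce = (section["RequirePkce"] ?? "False").To<bool>();

        // Never fall back to a hard-coded, guessable secret. Only hash what was configured.
        var configuredSecret = section["ClientSecret"];
        if (requireClientSecret && string.IsNullOrEmpty(configuredSecret))
        {
            throw new System.InvalidOperationException(
                $"IdentityServer:Clients:{section.Key} sets RequireClientSecret but has no ClientSecret.");
        }

        // Assumes CreateClientAsync registers no secret when given null, as the stock
        // ABP template does. TODO confirm against the local implementation.
        var secret = string.IsNullOrEmpty(configuredSecret) ? null : configuredSecret.Sha256();

        // Split on any whitespace and drop empty entries so repeated spaces in the
        // setting do not produce an empty grant type.
        var grantTypes = (section["GrantTypes"] ?? "client_credentials")
            .Split((char[])null, System.StringSplitOptions.RemoveEmptyEntries);

        var redirectUri = section["RedirectUri"] ?? $"{rootUrl}signin-oidc";
        var postLogoutRedirectUri = section["PostLogoutRedirectUri"] ?? $"{rootUrl}signout-callback-oidc";
        var frontChannelLogoutUri = section["FrontChannelLogoutUri"] ?? rootUrl;

        // The only CORS origin allowed is the client's own root URL, without the trailing slash.
        var corsOrigins = new[] { rootUrl.RemovePostFix("/") };

        await CreateClientAsync(
            name: clientId,
            scopes: commonScopes,
            grantTypes: grantTypes,
            secret: secret,
            redirectUri: redirectUri,
            postLogoutRedirectUri: postLogoutRedirectUri,
            frontChannelLogoutUri: frontChannelLogoutUri,
            requireClientSecret,
            requirePkce,
            corsOrigins: corsOrigins
        );
    }
}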
修改 .DbMigrator 项目中的 appsettings.json 为(其中的 ClientSecret 只是本地开发用的示例值,其他环境应换成各自生成的密钥,并且不要提交到代码仓库):
{
"ConnectionStrings": {
"Default": "Server=(LocalDb)\\MSSQLLocalDB;Database=IdentityServer;Trusted_Connection=True;"
},
"IdentityServer": {
"Clients": {
"TestClient.Mvc": {
"ClientId": "TestClient.Mvc",
"ClientSecret": "TestClient.Mvc",
"RootUrl": "https://localhost:53279",
"GrantTypes": "authorization_code",
"RequirePkce": true
},
"MyProject_Web": {
"ClientId": "MyProject_Web",
"ClientSecret": "1q2w3e*",
"RootUrl": "https://localhost:44393",
"GrantTypes": "hybrid",
"FrontChannelLogoutUri": "https://localhost:44393/Account/FrontChannelLogout"
},
"MyProject_App": {
"ClientId": "MyProject_App",
"ClientSecret": "1q2w3e*",
"RootUrl": "http://localhost:4200",
"GrantTypes": "password client_credentials authorization_code"
},
"MyProject_Blazor": {
"ClientId": "MyProject_Blazor",
"RootUrl": "https://localhost:44307",
"GrantTypes": "authorization_code",
"RedirectUri": "https://localhost:44307/authentication/login-callback",
"PostLogoutRedirectUri": "https://localhost:44307/authentication/logout-callback"
},
"MyProject_Swagger": {
"ClientId": "MyProject_Swagger",
"ClientSecret": "1q2w3e*",
"RootUrl": "https://localhost:44399",
"GrantTypes": "authorization_code",
"redirectUri": "https://localhost:44399/swagger/oauth2-redirect.html"
}
}
}
}